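<?php
// profile.php — account settings page for a logged-in user.
//
// Handles four POST actions (password change, username change, 2FA toggle,
// account-deletion e-mail). Each handler writes its outcome into one of the
// $…Success variables, which the theme template included at the bottom
// renders. Driver/SMTP error details are logged server-side and never echoed
// to the visitor.
session_start();
if (!isset($_SESSION['user_id'])) {
    header("Location: login.php");
    exit;
}
require 'vendor/autoload.php';
include 'navbar.php';
include 'config/config.php';
if ($db->connect_error) {
    // Keep the driver message out of the response; it can reveal host/user details.
    error_log('profile.php: database connection failed: ' . $db->connect_error);
    die("Błąd połączenia z bazą danych.");
}
$user_id = $_SESSION['user_id'];
$changePasswordSuccess = $changeUsernameSuccess = $change2FASuccess = $deleteAccountSuccess = "";

// Read a POST field as a string. Missing keys and non-string values (e.g. a
// `field[]=x` submission) become '' so password_verify()/bind_param() are never
// handed an array.
$postString = static function (string $key): string {
    $value = isset($_POST[$key]) ? $_POST[$key] : '';
    return is_string($value) ? $value : '';
};

// Fixed statements for the two columns this page reads; the column name is
// looked up here rather than interpolated so no identifier reaches the SQL text.
$userColumnQueries = [
    'password' => 'SELECT password FROM users WHERE id = ?',
    'email'    => 'SELECT email FROM users WHERE id = ?',
];

// Fetch one column of the current user's row. Returns '' when the column is
// unknown, the row is missing, or the statement cannot be prepared/executed;
// '' never verifies as a password hash and never addresses an e-mail.
$fetchUserColumn = static function (string $column) use ($db, $user_id, $userColumnQueries): string {
    if (!isset($userColumnQueries[$column])) {
        return '';
    }
    $stmt = $db->prepare($userColumnQueries[$column]);
    if ($stmt === false) {
        error_log('profile.php: prepare failed: ' . $db->error);
        return '';
    }
    $stmt->bind_param("i", $user_id);
    $value = '';
    if ($stmt->execute()) {
        $stmt->store_result();
        if ($stmt->num_rows === 1) {
            $stmt->bind_result($value);
            $stmt->fetch();
        }
    } else {
        error_log('profile.php: execute failed: ' . $stmt->error);
    }
    $stmt->close();
    return $value === null ? '' : (string) $value;
};

// Check the submitted current password against the stored bcrypt hash.
// A missing user row yields false, so a vanished account cannot pass.
$verifyCurrentPassword = static function (string $candidate) use ($fetchUserColumn): bool {
    $hash = $fetchUserColumn('password');
    return $hash !== '' && password_verify($candidate, $hash);
};

// Run one prepared write statement. $types/$params follow bind_param();
// returns true only when execute() succeeded. Failures are logged, not shown.
$runWrite = static function (string $sql, string $types, array $params) use ($db): bool {
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        error_log('profile.php: prepare failed: ' . $db->error);
        return false;
    }
    // Argument unpacking passes the elements by reference, as bind_param() requires.
    $stmt->bind_param($types, ...$params);
    $ok = $stmt->execute();
    if (!$ok) {
        error_log('profile.php: execute failed: ' . $stmt->error);
    }
    $stmt->close();
    return $ok;
};

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // NOTE(review): no CSRF token is verified before these state-changing
    // branches. The forms live in the theme template, which is not visible from
    // this file, so none is enforced here — add a per-session token to the forms
    // and reject POSTs that do not carry it before reaching the handlers below.
    if (isset($_POST['changePassword'])) {
        $currentPassword = $postString('currentPassword');
        $newPassword = $postString('newPassword');
        if ($newPassword === '') {
            // Without this check an empty submission would be hashed and stored.
            $changePasswordSuccess = "Nowe hasło nie może być puste. Hasło nie zostało zmienione.";
        } elseif (!$verifyCurrentPassword($currentPassword)) {
            $changePasswordSuccess = "Nieprawidłowe obecne hasło. Hasło nie zostało zmienione.";
        } else {
            // Current password confirmed; store the new one hashed.
            $newPasswordHash = password_hash($newPassword, PASSWORD_BCRYPT);
            $changed = $runWrite(
                "UPDATE users SET password = ? WHERE id = ?",
                "si",
                [$newPasswordHash, $user_id]
            );
            $changePasswordSuccess = $changed
                ? "Hasło zostało zmienione."
                : "Nie udało się zmienić hasła.";
        }
    } elseif (isset($_POST['changeUsername'])) {
        $currentPassword = $postString('currentPassword');
        $newUsername = $postString('newUsername');
        if ($newUsername === '') {
            $changeUsernameSuccess = "Nowa nazwa użytkownika nie może być pusta. Nazwa użytkownika nie została zmieniona.";
        } elseif (!$verifyCurrentPassword($currentPassword)) {
            $changeUsernameSuccess = "Nieprawidłowe obecne hasło. Nazwa użytkownika nie została zmieniona.";
        } else {
            // A failed execute() (e.g. a unique-index collision, if the schema has
            // one — not visible here) is reported generically and logged.
            $changed = $runWrite(
                "UPDATE users SET username = ? WHERE id = ?",
                "si",
                [$newUsername, $user_id]
            );
            $changeUsernameSuccess = $changed
                ? "Nazwa użytkownika została zmieniona."
                : "Nie udało się zmienić nazwy użytkownika.";
        }
    } elseif (isset($_POST['change2FA'])) {
        // NOTE(review): unlike the password/username handlers, toggling 2FA off
        // does not re-confirm the current password. The form contract is not
        // visible here, so this is left as-is; consider requiring it.
        $is2FAEnabled = isset($_POST['is2FAEnabled']) ? 1 : 0;
        $changed = $runWrite(
            "UPDATE users SET is_2fa_enabled = ? WHERE id = ?",
            "ii",
            [$is2FAEnabled, $user_id]
        );
        if ($changed) {
            $change2FASuccess = $is2FAEnabled
                ? "Autoryzacja dwuskładnikowa (2FA) została włączona."
                : "Autoryzacja dwuskładnikowa (2FA) została wyłączona.";
        } else {
            $change2FASuccess = "Nie udało się zmienić ustawienia autoryzacji dwuskładnikowej (2FA).";
        }
    } elseif (isset($_POST['deleteAccount'])) {
        // Resolve the recipient first so a token is only stored once there is an
        // address to send it to (the original order left orphaned tokens behind).
        $user_email = $fetchUserColumn('email');
        if ($user_email === '') {
            $deleteAccountSuccess = "Nie udało się ustalić adresu e-mail konta.";
        } else {
            // 256-bit CSPRNG token; the link below is the only place it is disclosed.
            // NOTE(review): the token is stored in clear and no expiry column is
            // visible in this file — delete-account.php should treat it as
            // single-use and time-limited; confirm there.
            $deleteToken = bin2hex(random_bytes(32));
            $stored = $runWrite(
                "INSERT INTO delete_account_tokens (user_id, token) VALUES (?, ?)",
                "is",
                [$user_id, $deleteToken]
            );
            if (!$stored) {
                $deleteAccountSuccess = "Nie udało się przygotować linku do usunięcia konta.";
            } else {
                $mail = new PHPMailer\PHPMailer\PHPMailer();
                try {
                    $mail->isSMTP();
                    // NOTE(review): SMTP credentials are inline; move them to
                    // config/config.php or the environment so they are not in source.
                    $mail->Host = 'mx1.mail.com';
                    $mail->SMTPAuth = true;
                    $mail->Username = 'noreply@mail.com';
                    $mail->Password = 'password';
                    $mail->SMTPSecure = 'ssl';
                    $mail->Port = 465;
                    $mail->CharSet = 'UTF-8';
                    $mail->Encoding = 'base64';
                    $mail->setFrom('noreply@mail.com', 'Mail');
                    $mail->addAddress($user_email);
                    $mail->isHTML(true);
                    $mail->Subject = 'Usuwanie konta';
                    // $deleteToken is hex, so it is safe inside the href attribute.
                    $deleteLink = 'https://site.com/delete-account.php?token=' . $deleteToken;
                    $mail->Body = "
<html>
<head>
<style>
.button {
background-color: #2563eb;
color: #ffffff;
text-decoration: none;
text-align: center;
padding: 10px 20px;
display: inline-block;
margin-top: 20px;
border-radius: 5px;
}
.center-logo {
text-align: center;
background-color: #151921;
border-top-left-radius: 5px;
border-top-right-radius: 5px;
}
.logo {
width: 300px;
display: inline-block;
}
</style>
</head>
<body style='background-color: #151921; font-family: Arial, sans-serif; padding: 20px;'>
<div style='background-color: #ffffff; max-width: 600px; margin: 0 auto; border-radius: 5px; box-shadow: 0px 4px 6px rgba(0, 0, 0, 0.1);'>
<div class='center-logo'>
<img src='logo.png' alt='Logo' class='logo'>
</div>
<div style='padding: 20px;'>
<p style='font-size: 16px;'>Aby usunąć konto, kliknij poniższy przycisk:</p>
<a href='$deleteLink' class='button'>
Usuń konto
</a>
</div>
</div>
</body>
</html>
";
                    if ($mail->send()) {
                        $deleteAccountSuccess = "E-mail z linkiem do usunięcia konta został wysłany na Twój adres e-mail.";
                    } else {
                        // ErrorInfo can contain host names and SMTP dialogue; keep it in the log.
                        error_log('profile.php: delete-account mail failed: ' . $mail->ErrorInfo);
                        $deleteAccountSuccess = "Błąd podczas wysyłania e-maila z linkiem do usunięcia konta.";
                    }
                } catch (Exception $e) {
                    error_log('profile.php: PHPMailer setup failed: ' . $e->getMessage());
                    $deleteAccountSuccess = "Błąd podczas konfiguracji PHPMailera.";
                }
            }
        }
    }
}
// NOTE(review): $theme is not defined in this file (presumably set by
// config/config.php or navbar.php). Because it selects the included path, it
// must never derive from request input — confirm at its definition site.
include "themes/$theme/profile.php";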